To create a sensitive attribute:

  1. Create one or more sensitive attribute definitions using dsconfig create-sensitive-attribute.

    For example, to create a sensitive attribute definition that only allows access to the employeeSSN attribute by clients using secure connections, make the following configuration changes.

    $ bin/dsconfig create-sensitive-attribute \ 
      --attribute-name "Employee Social Security Numbers" \ 
      --set attribute-type:employeeSSN \ 
      --set include-default-sensitive-operational-attributes:true \ 
      --set allow-in-returned-entries:secure-only \ 
      --set allow-in-filter:secure-only \
      --set allow-in-add:secure-only \ 
      --set allow-in-compare:secure-only \
      --set allow-in-modify:secure-only
  2. Associate the sensitive attribute definitions with the client connection policies that you want to enforce using dsconfig set-client-connection-policy-prop.
    $ bin/dsconfig set-client-connection-policy-prop --policy-name default \ 
      --set "sensitive-attribute:Employee Social Security Numbers"